Slide titles: Computer Security; Why Worry About security?; Reported Incidents; Reported Vulnerabilities; Security; Motives; Criminal Profile; Threat Pyramid; Physical Security; Slide 10; Vulnerabilities; Software Threats; Delivery; Cracking; Social Engineering; Defenses; How much security?; Best Practices; Slide 19; Slide 20; Create Strong Pass Phrases; Slide 22; Best practices; Protect Your Privacy; Slide 25; Hacker Hunting; Captain, We've Been Boarded!; Forensic Tools and Information; Lab Assignment; Slide 30; Slide 31

Slide 1: Computer Security
Threats, Detection, and Prevention

Slide 2: Why Worry About security?

Slide 3: Reported Incidents

Slide 4: Reported Vulnerabilities

Slide 5: Security
Computer
• Physical
• Software
People
Network
• Wired
• Wireless

Slide 6: Motives
Personal
• Joy or thrill
• Net cred
• Revenge – spouse, employee
Profit
• Blackmail
• Competition/Business secrets
Ideological
• Political
• Social
• Religious

Slide 7: Criminal Profile
Hacker
Cracker
White-collar crime
Con artist
Psychological problems
• Stalker
• Terrorist
• Fanatics
Script kiddie

Slide 8: Threat Pyramid
[Figure: threat pyramid. Levels, in the order given: Script Kids, Moderate, Aggressive, Governments. Counts, in the order given: 1M's, 10K's, 1K's, 100's.]
Source: Tom Perrine, SDSC, Security as Infrastructure

Slide 9: Physical Security
Trash
• Office
• Dumpster diving
Computer access
• Not logged off computer or locked
• BIOS and Boot not secure
Passwords written down
Unsecured laptops
Documents not secure in cabinets

Slide 10: Physical Security

Slide 11: Vulnerabilities
Programming errors
• Buffer overruns
• Integer overflows
• Poor access control
• Stack errors
Poor design
• Poor access control
• Monolithic vs modular
• Unexpected behavior
Quality control
• Corporations
• Small Businesses
• Individuals

Slide 12: Software Threats
Viruses
Worms
Trojans
Logic bombs
Rootkits

Slide 13: Delivery
Software
• Spyware
• Adware
• Malware
Media
Email
Spam
Websites

Slide 14: Cracking
Dictionary
Brute force
Hybrid
Cracking is time consuming and requires great computing power

Slide 15: Social Engineering
Friendship
Authority
Snooping
Guilt
Trust
Time
Politeness
Phishing
Hoaxes
Shoulder Surfing

Slide 16: Defenses
Anti-virus software
• Symantec
• McAfee
• F-Secure
• Panda
Popup blockers
• Browsers
• Stand alone
Software Firewalls
• Symantec
• Windows
• Comodo
• Zone Alarm
Anti-spyware
• Windows Defender
• Ad-Aware
Anti-spam
• Built in to email client
• Stand alone

Slide 17: How much security?
Security
Ease of Use
Beware of Security through Obscurity!!!

Slide 18: Best Practices
Physical security
• Lock your office door
• Lock your PC
• Lock your documents
• Use a shredder
• Secure your laptop
• Check PC for suspicious devices
• BIOS and Boot order
• Use common sense

Slide 19: Best Practices
Update software
• OS
• Anti’s
• Applications
Update Firmware
• BIOS
• Network devices
Microsoft Baseline Security Analyzer

Slide 20: Best Practices
User discretion
• Scan email attachments and downloads before opening or starting
• Be wary of unsolicited help
• Avoid seedy websites and services
Continued
• Be cautious of unsolicited email even from trusted sources
• Don’t advertise personal information
• Control access

Slide 21: Create Strong Pass Phrases
Poor
• msd10171965
Good
• ardl79BEf76357
  14 spaces
  Hard to remember
Better
• MydogSkiplovestoplayfetcheveryday
  33 spaces
  Easier to remember
Best
• Myd0gSkipluvs2playfetchev3ryday
  31 spaces
  Easier to remember
  Limit duplicate letters – substitute with numbers, punctuation, or special characters

Slide 22: Best Practices
Understand system behavior
• Know what is normal to establish a baseline
• Monitor system resources
• Be proactive

Slide 23: Best practices
Secure your data
• Back up your data
• Store backup in secure location
• Back up often
• Separate system from data

Slide 24: Protect Your Privacy
Encryption
• PGP email
• Folders and files